Now let's think about the damage that a serious vulnerability in jQuery or another widely used library could cause.
In such a case, the impact would be very large:
1. Snooping The Words You Type
2. Tracking Your Browsing Habits
3. Malicious Code Injection
BeEF is a project which uses browser vulnerabilities to gain control of the target computer system.
Let's consider a possible scenario. As mentioned in Table I above, jQuery is widely used worldwide (86% in Alexa, 62% in Com). Today, jQuery has 66 different versions, and more than half of these versions have at least one vulnerability. If attackers can add malicious code (e.g. hook.js) to a website using any vulnerability, they can gain full access to the target machines. Because jQuery is so widely used, this situation may harm millions of people. (These statistics are explained in detail below.)
But how? It is a little complicated, and there are some limitations.
Figure 1 shows details of the 11 libraries with vulnerability information. For each library, we show the total number of versions in our catalogue as well as the fraction of versions. The worst offender is Angular 1.2.0, which contains 5 vulnerabilities. Overall, we see that 28.3%, 6.7%, and 6.1% of these library versions contain one, two, or three known vulnerabilities, respectively. More than half of the jQuery versions have one vulnerability.
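A site owner can audit their own pages for the two conditions described above: outdated library versions and script tags that do not belong there. The following check is an added example, not code from the original article or from NormShield; the allowlisted hosts, the minimum-version policy and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed site policy (not from the article): hosts allowed to serve scripts, and
# placeholder minimum versions; these are not a list of which versions are vulnerable.
ALLOWED_HOSTS = {"www.example.test", "cdn.example.test"}
MIN_VERSION = {"jquery": (3, 5, 0), "angular": (1, 8, 0)}
# Matches jquery-1.6.2.min.js, /jquery/1.6.2/jquery.min.js, /angular.js/1.2.0/...
LIB_RE = re.compile(r"(jquery|angular)(?:\.js)?[-/@](\d+)\.(\d+)\.(\d+)", re.I)

class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)

def audit_scripts(html, page_host):
    """Return a sorted list of (src, finding) pairs for one HTML document."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        src = attrs["src"]
        host = urlparse(src).hostname or page_host  # relative URL: same origin
        if host not in ALLOWED_HOSTS:
            findings.append((src, "host not on allowlist"))
        if host != page_host and not attrs.get("integrity"):
            findings.append((src, "cross-origin script without SRI"))
        m = LIB_RE.search(urlparse(src).path)
        if m:
            lib, parts = m.group(1).lower(), m.group(2, 3, 4)
            if tuple(map(int, parts)) < MIN_VERSION[lib]:
                findings.append((src, f"{lib} {'.'.join(parts)} below policy minimum"))
    return sorted(findings)

# Constructed sample page (not captured from a real site); the integrity value is a placeholder.
SAMPLE = """<html><head>
<script src="/static/jquery-1.6.2.min.js"></script>
<script src="https://cdn.example.test/angular.js/1.2.0/angular.min.js"></script>
<script src="https://cdn.example.test/jquery/3.7.1/jquery.min.js" integrity="sha384-PLACEHOLDER"></script>
<script src="http://203.0.113.7/hook.js"></script>
</head></html>"""

if __name__ == "__main__":
    print(*audit_scripts(SAMPLE, "www.example.test"), sep="\n")
```

Version detection from the URL only catches libraries whose path carries a version string; a renamed or bundled copy needs file hashing or a dedicated dependency scanner.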
How does NormShield take precautions to prevent this situation?